Multi-layer Security

Multi-layer security—also known as "multi-level security" or "defense in depth"—is a suspicious-sounding phrase.

First, it sounds too simple: a naïve "more is better" approach that says two copies of A/V software on an endpoint are better than one.

Second, it definitely sounds like something security vendors thought up: "We sell eleven types of security solution, and you should buy all of them because, um, multi-layer security!"

But even if it’s occasionally misused or overused, multi-layer security has a legitimate core meaning—and a significant role in protecting corporate and small business internet security. The fact is, today’s Web environment encourages and rewards blended attacks, a.k.a. "multi-prong" threats, against financial targets. And only coordinated defenses that work across multiple protocols and applications have any chance of stopping them.

Let’s see what’s behind blended attacks, how they work, and how you can stop them without earning a Ph.D. in Computer Science or breaking your company’s budget.

Follow the money

Malware has followed the evolution of computing since the days of prank programs on mainframes and boot-sector viruses on "sneakernet" floppies. So in today’s universal high-speed online marketplace, it’s no surprise that criminals are designing sophisticated exploits aimed at financial targets. Five main factors are at work:

More connections—higher-bandwidth connections, new devices, and geographic expansion bring more traffic, some of it from regions with hit-or-miss enforcement.

More Web applications—browser-based applications are easy to develop and use. But there’s a downside: 60% of Internet attacks target vulnerabilities in Web applications.

More money in more places—remember when very few people shopped or banked online? Financial targets—especially at financial-services firms or payment-card companies—are now too tempting for online thieves to pass up.

Social networking—it’s not a bank manager in Burkina Faso trying to get your attention—it’s your high school BFF with a link you have to see. Except it’s really a thief attacking your employer with some help from your Facebook page.

Well-funded professional criminals operating worldwide, planning, researching, organizing, and automating attacks on individual companies.

The Web environment offers plenty of support for blended attacks; now let’s see how they work.

Anatomy of an attack

Criminals are pragmatists—they use what works. To get their software installed and persistent on business computers, they’ll mix and match adware, spyware, keyloggers, viruses, rootkits, information "scraped" from social networks, and more. Here’s just one example:

Step 1 – An aggregator "scrapes" and correlates information on social networks (Facebook, LinkedIn) to find employees at the target company who have Facebook accounts.

Step 2 – A "spear-phishing" email disguised as a Facebook "security update" includes a link to a fake login page. Login attempts disclose employees’ Facebook credentials – but they’re not the final target.

Step 3 – A pop-up on the fake site installs a Trojan/keylogger designed to steal passwords and financial information.

Step 4 – Trojans and loggers harvest and forward financial information for the thieves to use or resell.

The exploit works in part because 30% of U.S. employees log into social networks from work, on their employers’ computers or their own smart phones—and it only takes one.

Multilevel corporate and small business internet security protection

You can’t block blended attacks by blocking every channel attackers might use without sealing off your business from the outside world. And solutions that monitor and block malware on single channels are only partially effective, because:

Only about half of malicious code even has a signature for standard A/V to catch

Heuristics used to back up A/V bog down processors and create false alarms

With blended attacks, protection comes from correlation and analysis: this email appeal links to that fake website on that botnet, and so on—taking into account the code’s origin, history, structure, behavior, vector, target, and more. It’s a challenge for global multinationals and even governments to maintain defenses like these, and for a small or midsize business, it’s economically impossible.
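The correlation described above, sketched as an added example (not part of the original article and not any vendor's product): events from an email gateway, a web proxy, and an endpoint agent are linked per user and host, and only a chain that crosses all three layers in order raises an alert. The field names, hosts, sample events, and 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry from three layers (email gateway, web proxy,
# endpoint agent). Field names and hosts are assumptions for illustration.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "layer": "email", "user": "alice", "host": "fb-login.example"},
    {"ts": "2024-05-01T09:04:10", "layer": "web", "user": "alice", "host": "fb-login.example"},
    {"ts": "2024-05-01T09:04:40", "layer": "endpoint", "user": "alice", "host": "fb-login.example"},
    {"ts": "2024-05-01T09:10:00", "layer": "email", "user": "bob", "host": "news.example"},
    {"ts": "2024-05-01T09:12:00", "layer": "web", "user": "bob", "host": "news.example"},
    {"ts": "2024-05-01T10:00:00", "layer": "endpoint", "user": "carol", "host": "updates.example"},
]

# Order in which the article's example attack touches each layer:
# emailed link -> visit to the linked site -> new executable from that site.
STAGES = ("email", "web", "endpoint")

def correlate(events, window=timedelta(hours=24)):
    """Map (user, host) -> stages seen in order, each within `window` of the previous one."""
    progress = {}  # (user, host) -> [(stage, timestamp), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        seen = progress.setdefault((ev["user"], ev["host"]), [])
        expected = STAGES[len(seen)] if len(seen) < len(STAGES) else None
        if ev["layer"] != expected:
            continue  # out-of-order or repeated stage: not part of this chain
        if seen and ts - seen[-1][1] > window:
            continue  # too long after the previous stage to be linked to it
        seen.append((ev["layer"], ts))
    return {key: [stage for stage, _ in seen] for key, seen in progress.items()}

def blended_alerts(events):
    """Return (user, host) pairs where all three layers line up into one chain."""
    chains = correlate(events)
    return sorted(key for key, stages in chains.items() if stages == list(STAGES))

if __name__ == "__main__":
    for key, stages in correlate(EVENTS).items():
        print(key, stages)
    print("alerts:", blended_alerts(EVENTS))
```

Each of the six sample events looks unremarkable to a single-channel filter; only the pair whose email, web, and endpoint events form one ordered chain is reported.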

A silver lining – in the cloud

But the advent of cloud computing turns the economics on its head. SaaS routes all of a business’s inbound and outbound email and Web traffic through a provider’s network of high-performance data centers. The provider scans, tests, and then blocks, quarantines, or forwards the traffic using infrastructure, skills, and processes few businesses could afford on their own, and does it all outside its clients’ business networks.

Multi-layer corporate and small business internet security makes sense in the cloud, because the costs of infrastructure, bandwidth, and expertise can be shared across clients—and so can the information needed to correlate and block blended attacks.

Look for an SaaS provider who offers the transparency to let you evaluate your protection, and the accountability to stand behind their promises and claims. Of course, we recommend Webroot—an industry pioneer in business-grade SaaS solutions that integrate layered corporate and small business internet security, data-protection, data management, and policy management in the cloud. Webroot products come with the industry’s best customer support, and we guarantee their performance and availability.